Attackers have begun targeting a critical Oracle EBS vulnerability, increasing the pressure on organizations that still run unpatched systems. Security researchers recently detected real-world attacks, confirming that cybercriminals have moved beyond analyzing the flaw and started exploiting vulnerable servers.

The Oracle EBS vulnerability, tracked as CVE-2026-46817, affects Oracle Payments and allows remote attackers to compromise vulnerable servers without authentication. Organizations that expose Oracle E-Business Suite to the internet face the greatest risk.

Critical Bug Opens the Door to Remote Attacks

Oracle identified the flaw in the File Transmission component of Oracle Payments and assigned it a CVSS score of 9.8, placing it among the most severe vulnerabilities affecting the platform.

An attacker can exploit the bug over HTTP without valid credentials or user interaction. Once inside, the attacker can seize control of the affected Oracle Payments environment and potentially access sensitive business systems.

Security Researchers Spot Live Exploitation

Researchers at Defused uncovered the first known attacks after monitoring Oracle E-Business Suite honeypots. Their findings show that threat actors have already started scanning for and exploiting vulnerable servers.

Researchers also noted that no public proof-of-concept exploit currently exists. That detail suggests the attackers created their own exploit or obtained one through private channels before it became publicly available.

Oracle Released a Patch Before the Attacks

Oracle included a fix for CVE-2026-46817 in its May 2026 Critical Patch Update, giving customers an opportunity to secure their environments before attackers launched these campaigns.

The latest attacks indicate that many organizations have not yet installed the update. Oracle continues to encourage customers to run supported software versions and deploy security patches as quickly as possible to eliminate the Oracle EBS vulnerability from their environments.

Organizations Should Patch Immediately

Now that attackers actively exploit the Oracle EBS vulnerability, organizations should move patching to the top of their security priorities.

Security teams should identify Oracle Payments deployments, verify that they installed the May update, and investigate internet-facing systems for signs of unauthorized activity. Every day an affected server remains unpatched increases the likelihood that attackers will discover and compromise it.


0 responses to “Oracle E-Business Suite Vulnerability Enters Active Exploitation as Attacks Begin”